Mutual authentication with modified message authentication code

US 8,260,259 B2
Filed: 09/02/2005
Issued: 09/04/2012
Est. Priority Date: 09/08/2004
Status: Active Grant

First Claim

Patent Images

1. A method of instructing a subscriber identity module in a cellular communications network to process authentication information, comprising:

receiving authentication data at the subscriber identity module, said authentication data comprising a first message authentication code (MAC) and an authentication management field (AMF);

computing a first expected MAC using at least a portion of said authentication data;

comparing said first expected MAC to said first received MAC;

computing a second expected MAC;

comparing said second expected MAC to said first received MAC; and

processing at least a portion of said AMF in a predefined manner when said second expected MAC and said first received MAC are the same.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and devices for instructing a subscriber identity module in a cellular communications network to process non-standard authentication information in a standard manner are disclosed. One embodiment of a method comprises receiving a first message authentication code (MAC) and an authentication management field (AMF) at a subscriber identity module as part of an authentication protocol, calculating a second MAC and determining whether the second MAC is equivalent to the first MAC. If the first and second MAC are not equivalent, the SIM calculates a third MAC and determines whether the first MAC is equivalent to the third MAC, and if so, the subscriber identity module processes the AMF in a predefined or standard manner.

Citations

15 Claims

1. A method of instructing a subscriber identity module in a cellular communications network to process authentication information, comprising:
- receiving authentication data at the subscriber identity module, said authentication data comprising a first message authentication code (MAC) and an authentication management field (AMF);
  
  computing a first expected MAC using at least a portion of said authentication data;
  
  comparing said first expected MAC to said first received MAC;
  
  computing a second expected MAC;
  
  comparing said second expected MAC to said first received MAC; and
  
  processing at least a portion of said AMF in a predefined manner when said second expected MAC and said first received MAC are the same.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein processing said AMF generates an instruction to the subscriber identity module to retain an authentication result.
  - 3. The method of claim 2, wherein said authentication result comprises at least one of a ciphering key and an integrity key.
  - 4. The method of claim 1, wherein processing said AMF comprises generating an instruction to the subscriber identity module to perform key separation among encryption algorithms.
  - 5. The method of claim 1, wherein the first expected MAC is used in conjunction with one or more parameters to generate the second expected MAC in the event that the said first expected MAC to said first received MAC step determines the first expected MAC is different than the first received MAC.

6. A method of instructing a subscriber identity module in a mobile communications network to process authentication information in a predefined manner, comprising:
- receiving one or more authentication data fields at the subscriber identity module, said authentication data fields comprising a first message authentication code (MAC) and an authentication management field (AMF);
  
  generating, in the subscriber identity module, a second MAC using one or more received authentication data fields, andcomparing said second MAC to said first MAC;
  
  generating, in the subscriber identity module, a third MAC when said second MAC differs from said first MAC, wherein said third MAC is generated based on one or more received authentication data fields;
  
  determining whether said first MAC is the same as said third MAC; and
  
  processing at least a portion of said AMF in a predefined manner when said first MAC is the same as said third MAC.
- View Dependent Claims (7, 8)
- - 7. The method of claim 6, wherein said third MAC is generated using a distinguished authentication data field.
  - 8. The method of claim 7, wherein processing at least a portion of said AMF generates an instruction to the subscriber identity module to retain an authentication result at the subscriber identity module in confidence.

9. A mutual authentication system for instructing a subscriber identity module in a communications network to process authentication information, comprising:
- means for sending authentication data to a mobile station, said authentication data comprising a first message authentication code (MAC) and an authentication management field (AMF);
  
  means for receiving said authentication data at said mobile station;
  
  means for computing a first expected MAC using at least a portion of said authentication data;
  
  means for comparing said first expected MAC to said first received MAC;
  
  means for computing a second expected MAC;
  
  means for comparing said second expected MAC to said first received MAC; and
  
  means for processing at least a portion of said AMF in a predefined manner when said second expected MAC and said first received MAC are the same.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein said means for processing said AMF is configured to generate an instruction to the subscriber identity module to retain an authentication result.
  - 11. The system of claim 10, wherein said authentication result comprises at least one of a ciphering key and an integrity key.
  - 12. The system of claim 9, wherein said means for processing said AMF comprises means for generating an instruction to the subscriber identity module to perform key separation among encryption algorithms.

13. A subscriber identity module in a mobile communications network configured to process authentication information in a predefined manner, comprising:
- means for receiving one or more authentication data fields at the subscriber identity module, said authentication data fields comprising a first message authentication code (MAC) and an authentication management field (AMF);
  
  means for generating, in the subscriber identity module, a second MAC using one or more received authentication data fields, andmeans for comparing said second MAC to said first MAC;
  
  means for generating, in the subscriber identity module, a third MAC when said second MAC differs from said first MAC, wherein said third MAC is generated based on one or more received authentication data fields;
  
  means for determining whether said first MAC is the same as said third MAC; and
  
  means for processing at least a portion of said AMF in a predefined manner when said first MAC is the same as said third MAC.

14. A non-transitory computer-readable storage medium containing instructions stored thereon, which, when executed by a mutual authentication system for instructing a subscriber identity module in a communications network to process authentication information, causes the mutual authentication system to perform operations, the instructions comprising:
- program code to send authentication data to a mobile station, said authentication data comprising a first message authentication code (MAC) and an authentication management field (AMF);
  
  program code to receive said authentication data at said mobile station;
  
  program code to compute a first expected MAC using at least a portion of said authentication data;
  
  program code to compare said first expected MAC to said first received MAC program code to compute a second expected MAC;
  
  program code to compare said second expected MAC to said first received MAC; and
  
  program code to process at least a portion of said AMF in a predefined manner when said second expected MAC and said first received MAC are the same.

15. A non-transitory computer-readable storage medium containing instructions stored thereon, which, when executed by a subscriber identity module in a mobile communications network configured to process authentication information in a predefined manner, cause the subscriber identity module to perform operations, the instructions comprising:
- program code to receive one or more authentication data fields at the subscriber identity module, said authentication data fields comprising a first message authentication code (MAC) and an authentication management field (AMF);
  
  program code to generate, in the subscriber identity module, a second MAC using one or more received authentication data fields, andprogram code to compare said second MAC to said first MAC;
  
  program code to generate, in the subscriber identity module, a third MAC when said second MAC differs from said first MAC, wherein said third MAC is generated based on one or more received authentication data fields; and
  
  program code to determine whether said first MAC is the same as said third MAC; and
  
  program code to process at least a portion of said AMF in a predefined manner when said first MAC is the same as said third MAC.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Semple, James, Rose, Gregory G., Paddon, Michael, Hawkes, Philip Michael
Primary Examiner(s)
Pérez-Gutiérrez, Rafael
Assistant Examiner(s)
AREVALO, JOSEPH

Application Number

US11/218,832
Publication Number

US 20060079205A1
Time in Patent Office

2,559 Days
Field of Search

370/389, 370/458, 370/254, 370/459, 370/437, 370/441, 370/392, 370/255, 455/451, 455/426, 455/411, 455/410, 455/404.1, 709/209, 709/229, 711/154, 711/114, 711/170, 711/193, 711/162, 711/163, 711/103, 379/62, 726/27, 726/3, 726/2, 726/14, 726/28, 726/20, 726/16, 726/9, 726/26, 726/34, 713/182, 713/1, 713/169, 713/168, 713/190, 713/170
US Class Current

455/411
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/123   received data contents, e.g...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/108   Source integrity

Mutual authentication with modified message authentication code

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Mutual authentication with modified message authentication code

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links